Error Message On Site With Proxy Status Turned On

Hi,
I transferred my sites to Cloudways and set up the traffic to be routed through Cloudflare’s CDN. 6 of the 7 sites have an error message - “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” and only come up without the error message when the Proxy status is turned off.
I have been working with Cloudways techs and they suggested I contact Cloudflare’s support as it seems that something is blocking Cloudways’s server IP address. It seems like CF isn’t proxying the Cloudways IP as the sites are working without the CF proxy. The TLS/SSL is set to Flexible and all SSL/TLS versions are activated.

Any help will be greatly appreciated. Thanks much.

What’s the domain of the site experiencing the error?

www.thediymaster.com but there are 5 other sites experiencing the same issue.

The others are:

  1. www.exercisenfitnesscorner.com
  2. www.homeimprovementcircle.com
  3. www.thecampingcorner.com
  4. www.thegardeningpal.com

And

  5. www.thegiftpal.com

All of these sites load perfectly fine for me - is the proxy currently disabled for them?

Under one of the zones, go into SSL/TLS and take a screenshot of the Edge Certificates page.

Hi,
Do you have any idea how to resolve the issues?

I sent you the screenshots of the Edge Certificate page. Did you see them?

Hi,
I never heard back from you after sending the screenshots. Is there no support from Cloudflare with the free plan? How can I opt for a paid plan in the future when the initial problems I’m facing in setting up Cloudflare can’t be resolved with Cloudflare help?

There are no screenshots that I can see on this thread.

This is my 3rd time sending these.

And the records have an orange cloud (proxied) in DNS for that zone?

I wouldn’t expect a certificate to appear until they are proxied.

Hi,
I don’t know if you remember my initial post. The sites will only appear with DNS only, therefore the Cloudways tech deactivated the proxy and set it to DNS only for the sites to come up.

They told me Cloudways was blocking their IP and I should contact you guys.

They said Cloudflare was blocking their IP address and I should contact Cloudflare. They stated that the fact that the sites come up when they set it to DNS ONLY, and don’t come up when the proxy is activated, indicates that Cloudflare is blocking their server IP address, and that I should contact Cloudflare to look into it.

They’re misleading you then.

This wouldn’t be caused by anything related to Cloudflare connecting to your origin, or vice versa - this is exclusively because a certificate wasn’t generated for your domain yet (hence your Edge Certificates page listed none) so HTTPS would have never worked.

Set your SSL/TLS mode to Full (because Flexible is insecure and only for edge-cases when your origin can’t use HTTPS) and, if you’d rather not cause any downtime, make a proxied subdomain that points to your site so that Cloudflare can kickstart the certificate issuance and then proxy your root domain when that Edge Certificates page lists a certificate, like so:

Thanks so much for the explanation. I really appreciate it. If I don’t mind the downtime, what is the other option instead of making a proxied domain?

It’s just that when you proxy your @ record (the one that just says your full website name in the dashboard), the certificate issuance isn’t always instant (so you would get that SSL error when loading the site).

If you proxy a random, new subdomain instead then no-one will be using it and it exists purely to give Cloudflare a heads-up of ‘I have a website proxied now that needs a certificate’.

Ok, thanks much. I’m trying to understand what I have to do so I don’t make things worse.

Setting up the proxied domain entails using a wildcard like *mysite.com and this will be a new A record that I put in the DNS records on Cloudflare?

Just set up cloudflare.mysite.com for now, point it to the same IP address that your @ or mysite.com record points to and make sure it’s proxied with an orange cloud.

Once https://cloudflare.mysite.com works, you should be able to proxy the @ / mysite.com record and it should then work with no issues.

Ok, thanks so much. I will do it and see. Appreciate it much.
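
The "once https://cloudflare.mysite.com works" check from the reply above can be scripted. The following is an added example, not part of the original thread and not Cloudflare tooling: it performs a validated TLS handshake against the proxied test subdomain and reports whether the certificate served there also names the apex. The function names and status strings are hypothetical, and mysite.com is the thread's placeholder domain.

```python
import socket
import ssl
import sys

def san_covers(hostname, names):
    """True if a certificate name covers hostname; '*' matches one left-most label only."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in names):
        if name == host:
            return True
        # '*.mysite.com' covers 'x.mysite.com' but neither 'mysite.com' nor 'a.b.mysite.com'
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def dns_names(cert):
    """DNS subjectAltName entries from the dict returned by SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def assess(test_host, apex, cert):
    """Classify the edge certificate state for the test subdomain and the apex."""
    if cert is None:
        return "no-certificate"      # handshake failed: certificate not issued yet
    names = dns_names(cert)
    if not san_covers(test_host, names):
        return "name-mismatch"
    return "covers-apex" if san_covers(apex, names) else "test-host-only"

def fetch_cert(hostname, port=443, timeout=5):
    """Validated handshake; None on failure (the browser shows this as an SSL error page)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return tls.getpeercert()
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return None

if __name__ == "__main__":
    # usage: python check_edge_cert.py cloudflare.mysite.com mysite.com
    test_host, apex = sys.argv[1], sys.argv[2]
    status = assess(test_host, apex, fetch_cert(test_host))
    print(f"{test_host}: {status}")
    sys.exit(0 if status == "covers-apex" else 1)
```

A `no-certificate` result means the edge is not yet serving a certificate for the test host, so proxying the apex at that point would reproduce the error from the first post.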